Consumer Data Collection Needed by Agency, Cordray Says

By Carter Dougherty -
Jun 21, 2013

The U.S. Consumer Financial Protection Bureau’s collection of credit-card account data, criticized by bankers and Republican lawmakers, is critical to the agency’s legal mandate, its director told members of Congress.

“Simply put, we cannot effectively regulate that which we do not understand,” CFPB Director Richard Cordray wrote in a May 23 letter to senators. “When collecting information necessary to perform our regulatory functions, we seek to limit to the greatest extent possible any burdens on market participants and take all necessary precautions to protect individuals’ personal privacy.”

In the letter, addressed to Senator Mike Crapo of Idaho, the top Republican on the Senate Banking Committee, Cordray rebutted charges that the agency’s data collection is overly burdensome or invasive. Cordray also emphasized that it is adhering to the 2010 Dodd-Frank Act, and said the agency would provide lawmakers “the information you want and need to exercise effective oversight over our work.”

Banks have complained about the data collection, and the U.S. Chamber of Commerce accused the CFPB of breaking the law in collecting detailed information on individual credit-card accounts, a point the agency disputed.

“The bureau has not issued an order or regulation imposing on businesses an obligation to provide account-level data on an ongoing basis,” David Hirschmann, chief executive officer of the chamber’s Center for Capital Markets Competitiveness, wrote in a June 19 letter to the agency. “Because it has failed to comply with this statutory requirement, we believe the Bureau’s data demands are unlawful.”

Dodd-Frank Mandates

In charging that the bureau is violating the law, the chamber cited a Dodd-Frank provision that speaks of data collection “in such form and within such reasonable period of time as the bureau may prescribe by rule or order.”

Jen Howard, a spokeswoman for CFPB, said the provision referenced by the chamber refers to the bureau’s authority to collect information from all companies in the bureau’s jurisdiction. Another part of the law requires the agency to collect appropriate information from companies it supervises to assess compliance with consumer-protection laws and detect risks to consumers, she said.

“The bureau’s existing data-gathering activities are authorized by the Dodd-Frank Act and do not require additional rulemaking,” Howard said in an e-mail.

Representing Banks

Those activities have consisted of both purchases of commercially available data and requests for data from the banks that CFPB directly supervises, those with assets of more than $10 billion.

Hirschman called on the bureau to address how it collects and protects data “expeditiously, transparently and in detail.”

In a seven-page letter to Crapo that includes 36 pages of attachments, Cordray outlined how data collection is “a central theme” of Dodd-Frank.

Dodd-Frank directs the creation of a research office at the agency, authorizes the direct collection of information for supervision and enforcement. And it specifies that the bureau should get data from available databases to minimize the burden on the private sector.

“When the bureau performs its market-monitoring functions it seeks to rely, to the greatest extent possible, on information already in its possession, information in the possession of fellow regulators, and information already aggregated in available databases,” Cordray wrote.

Identifiable Information

Cordray said that “no disclosure of personally identifiable information by the bureau is possible, because we do not have such information.” He said that in the case of the mortgage database it is creating, the agency “will implement safeguards against potential re-identification of borrowers that could occur through matching the information in the database with other available information.”

The bureau’s data collection was the subject of a contentious April 23 Senate hearing. Cordray insisted that the data gathered didn’t invade consumers’ privacy, is crucial to good regulation and mimics approaches already in wide use in the private sector.

“The big banks know more about you than you know about yourself,” Cordray said at a hearing of the Senate Banking Committee. “And me, too, as a consumer.”